Full Disclosure mailing list archives
RE: recent RPC/DCOM worm thought
From: "gml" <gml () phrick net>
Date: Wed, 13 Aug 2003 16:19:57 -0400
Why build in a backdoor when you can just write crappy code? -----Original Message----- From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of Kerry Steele Sent: Wednesday, August 13, 2003 3:20 PM To: Eichert, Diana; full-disclosure () lists netsys com Subject: RE: [Full-disclosure] recent RPC/DCOM worm thought Interesting thought, but I would have to say that it really goes deeper than that. If Microsoft were as evil an empire as they are perceived to be, then wouldn't they already have the backdoor to your system to apply the patch anyway? If so then why go throught the pain in the ass to write a shotty worm and draw bad publicity to the company? Think about the anti-virus companies and, well, every security software product out there, that is racing to be the "first" to detect or remediate X new variant of the worm. What an opportunity for market traction and visibility, wouldn't you say? My USD 0.02. Cheers, Kerry -----Original Message----- From: Eichert, Diana [mailto:deicher () sandia gov] Sent: Wednesday, August 13, 2003 7:42 AM To: 'full-disclosure () lists netsys com' Subject: [Full-disclosure] recent RPC/DCOM worm thought I've been thinking about how "poorly" this worm was written and how it really wasn't very malicious, just very time consuming, forcing people/companies to install patches to their systems. Now here's an alternative thought about it. What if "someone" purposely wrote this worm to get the attention of people to patch their systems, not to DOS the mickeysoft upgrade site. If they really wanted to create a DOS against a website they wouldn't have postponed it for 4 days. That's a long time in today's world. I mean if you were mickeysoft and there was a known security hole wouldn't it be in you best interest to have the first real exploit of it be relatively benign? It gets everyone's attention and they are forced to install the latest security patch. anyway, my US$.02 worth _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- recent RPC/DCOM worm thought Eichert, Diana (Aug 13)
- Re: recent RPC/DCOM worm thought Mike buRdeN (Aug 14)
- <Possible follow-ups>
- RE: recent RPC/DCOM worm thought van Ginderachter Serge (svgn) (Aug 13)
- RE: recent RPC/DCOM worm thought Kerry Steele (Aug 13)
- RE: recent RPC/DCOM worm thought gml (Aug 13)
- Re: recent RPC/DCOM worm thought Valdis . Kletnieks (Aug 13)
- RE: recent RPC/DCOM worm thought David Vincent (Aug 14)